### Prerequisites

1. NFT
2. Redis

### Install

* ```cd /opt```
* ```git clone https://git.poster.place/verita84/firewall```
* ```cp firewall.service /etc/systemd/system```
* ```systemctl enable --now firewall```

### Configure Redis Schema

```bash firewall.sh import-db```

### Configure firewall.sh

* Edit the ```portConfig``` variables to allow ports
* Modify ```NGINX_ACCESS``` to point to your NGINX config file

### Add Detection by the Minute via Cron

```
*/1 * * * * bash /opt/firewall/firewall.sh attacker-protection
*/5 * * * * bash /opt/firewall/firewall.sh forgive
00 00 * * * bash /opt/firewall/firewall.sh export-db
```

Per the above, new attacks are searched every minute and temp blocks are forgiven every 5 minutes. The Redis DB is exported at midnight.

### Accessing the Menu

```bash firewall.sh```

### Custom Modules

* There are a few custom function modules to protect against certain DDoS attacks, and they are named ```module-foo()```.
* Modules can be loaded by adding them to the ```attacker-protection()``` or ```watch()``` functions as needed.